Many many moons ago I vaguely remember having a similar issue with java keystore / truststore and microsoft certificates stores. When you start using SSL for your listener, you could potentially face a large number of issues amoung your toolsets. In my opinion, the most disastrous one is that you cannot monitor your database with […]

If you configure your listener for encryption only, you do not really need authentication. It works pretty fine until 11.2.0.2, I wrote multiple posts on ssl. You add SSL_CLIENT_AUTHENTICATION=FALSE to your server sqlnet.ora and listener.ora and specify an “anon” cipher suite in your client. You do not need to validate the certificate, so a default […]

A not uncommon issue with firewalls and listeners are timeouts. Your production database may be behind a firewall, you may connect from a remote location, even your Windows workstation may have some firewall activated, possibly you use ssh tunnels or TCPS. All those occasionally lead to timeouts and connection abortion, for instance ORA-03113 end-of-file on […]

When you do expand your Active Directory schema, it is not reversible; how to decide to use the OracleContext as a top object or not? On the one hand, for tnsnames resolution, you could hide your context down in your AD structure and change the path in ldap.ora DIRECTORY_SERVER_TYPE=AD DEFAULT_ADMIN_CONTEXT="OU=Oracle,OU=Misc,DC=example,DC=com" For debugging, I set TNSPING.TRACE_LEVEL=ADMIN […]

Monday I wrote on tnsping.exe inconsistencies. Actually there is one good thing in having Oracle Client on Windows looking in the current directory first : you can set one tnsnames for a specific shortcut ! It is quite a viable alternative to .bat files with set TNS_ADMIN=path. Demo : First I create a small EXE […]